I set up a machine for my parents that is basically the gateway system to the internet. It is connected on eth0 to a cable modem using DHCP. The system has Shorewall installed.

Everything works, but I noticed an enormous amount of logging by Shorewall concerning rfc1918 drops. Since I am not very familiar with DHCP I have to make some assumptions. Their ISP uses 172.31.254.133 as DHCP server. The cable modem has an address in the range of 10.144.xxx.xxx. Again, the setup has just worked, but I want to reduce the logging of Shorewall for these "known" destinations. Since I can imagine why a DHCP client would like to talk to the server, I have allowed the server's IP packets to pass. But why is the modem talking to the DHCP client (or I assume it is trying to do that)? Since the ISP tells me that the modem IP is dynamic, I will have to assume that just allowing one IP in the 10.144.xxx.xxx range is not enough.

Is it safe or recommended to open up a wide range of rfc1918 IPs? I could of course also have the packets dropped silently, but now that I know about this, I am not sure that blocking traffic with regard to DHCP is smart.

Bob


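Before deciding whether to permit a whole RFC 1918 range, it helps to know which of the logged drops are actually DHCP (UDP between ports 67 and 68) and which are something else. The script below is an added example, not from the post or from Shorewall; it parses lines in the netfilter LOG format Shorewall writes (the `Shorewall:chain:ACTION:` prefix followed by `KEY=value` fields) and counts rfc1918 drops per source /24, split into DHCP and non-DHCP. The log lines are constructed for the example; only the server address 172.31.254.133 and the 10.144.x.x modem range come from the post.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log lines (not real captures), in the format Shorewall's
# LOG target produces. The DHCP server and modem addresses follow the post.
SAMPLE_LOG = """\
Shorewall:rfc1918:DROP:IN=eth0 OUT= SRC=172.31.254.133 DST=10.144.20.7 PROTO=UDP SPT=67 DPT=68
Shorewall:rfc1918:DROP:IN=eth0 OUT= SRC=10.144.1.2 DST=255.255.255.255 PROTO=UDP SPT=67 DPT=68
Shorewall:rfc1918:DROP:IN=eth0 OUT= SRC=10.144.1.2 DST=10.144.20.7 PROTO=ICMP TYPE=8 CODE=0
Shorewall:rfc1918:DROP:IN=eth0 OUT= SRC=192.168.55.9 DST=10.144.20.7 PROTO=TCP SPT=4444 DPT=445
Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.5 DST=10.144.20.7 PROTO=TCP SPT=5555 DPT=22
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PREFIX = re.compile(r"Shorewall:(\w+):(\w+):(.*)")
FIELD = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return a dict of KEY=value fields plus CHAIN/ACTION, or None if not a Shorewall line.
    re.search tolerates a syslog timestamp/hostname in front of the prefix."""
    m = PREFIX.search(line)
    if not m:
        return None
    chain, action, rest = m.groups()
    fields = dict(FIELD.findall(rest))
    fields["CHAIN"], fields["ACTION"] = chain, action
    return fields


def is_dhcp(fields):
    """DHCP is UDP exchanged between server port 67 and client port 68 (either direction)."""
    return fields.get("PROTO") == "UDP" and {fields.get("SPT"), fields.get("DPT")} == {"67", "68"}


def summarize(log_text):
    """Count rfc1918-chain drops from private sources, keyed by (source /24, 'dhcp'|'other')."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f["CHAIN"] != "rfc1918":
            continue
        src = ipaddress.ip_address(f["SRC"])
        if not any(src in net for net in RFC1918):
            continue
        prefix = str(ipaddress.ip_network(f"{src}/24", strict=False))
        counts[(prefix, "dhcp" if is_dhcp(f) else "other")] += 1
    return dict(counts)


if __name__ == "__main__":
    for (prefix, kind), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{prefix:20} {kind:6} {n}")
```

Anything that shows up under `other` is not DHCP and is not a reason to widen an address-based exception; the DHCP rows can instead be allowed narrowly by protocol and port rather than by opening a whole 10.x range.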